Hi guys in my machine when I query `process namespaces` like osquery #general

Title

nebi

02/20/2019, 9:12 PM

Hi guys in my machine when I query

process_namespaces

like this

select * from process_namespaces

some of the processes do not have

pid_namespaces

even

pid1

does not have pid_namespace. Is this normal?

8p8c

02/20/2019, 9:36 PM

osquery> select version from osquery_info ;
version = 3.3.2
osquery> select * from process_namespaces limit 1 ;
             pid = 1
cgroup_namespace = 4026531835
   ipc_namespace = 4026531839
   mnt_namespace = 4026531840
   net_namespace = 4026531957
   pid_namespace = 4026531836
  user_namespace = 4026531837
   uts_namespace = 4026531838

works for me. without more specifics from you i couldn't tell what's wrong with your install.

nebi

02/20/2019, 9:45 PM

is this ubuntu machine?

8p8c

02/20/2019, 9:45 PM

yes

nebi

02/20/2019, 9:45 PM

My version is 3.3.2 and my machine is ubuntu 18.04

8p8c

02/20/2019, 9:46 PM

my output above is from 16.04

nebi

02/20/2019, 9:46 PM

hmm

you think that's the problem?

8p8c

02/20/2019, 9:47 PM

i haven't tried but i doubt. getting namespaces shouldn't have changed so dramatically between the kernels

but feel welcome to prove me wrong.

more information on the details how you're getting your results would also be useful.

nebi

02/20/2019, 9:56 PM

@8p8c can you be more specific

im just running

osqueryi

8p8c

02/20/2019, 9:57 PM

how?

nebi

02/20/2019, 9:57 PM

then this command

select *  from process_namespaces

8p8c

02/20/2019, 9:59 PM

k. so, tried it with sudo also?

nebi

02/20/2019, 10:00 PM

you mean when I type

osqueryi

8p8c

02/20/2019, 10:03 PM

Yes. How else are you going to get data out accessible only to root?

nebi

02/20/2019, 10:06 PM

omg, it worked now!

thanks man

sorry, I'm just beginner

8p8c

02/20/2019, 10:08 PM

Np. Don’t forget to close the issue in github.

nebi

02/20/2019, 10:13 PM

done

thanks

4 Views

#general Join Slack